Mirai - help

I’m fairly new still but not a total noob. I am just starting to work on boxes on hackthebox and started with Mirai. I’ve been able to enumerate most of the webserver but, haven’t found anything that can be exploited. I am wondering if anyone can just give me a hint.

Often times, the name of a box is the biggest hint.

Did you find anything interesting in your enumeration? There should have been something that will give you a good starting point, and then as @ippsec said the name is a big hint how to proceed. Good luck.

@andrewh Yeah, i got it. I was over thinking it, as I usually do and didn’t enumerate as well as I should have. The box name was a good hint, I should have thought of that… I mean Pi-hole was a good hint as well if that’s what you’re talking about and after that I was able to put two and two together and get in.

Awesome job mate, well done. :slight_smile:

Everyone seems to get Mirai, but I don’t, or haven’t yet. I’ve enumerated the standard 3 services and 3 more somewhat non-standard services along with their version information. But I don’t understand how Pi-Hole and Mirai are hints. I know what these are, but am still missing it.

How did mirai spread? Once you know this combine it with what you know about the os on the box. Google is your friend. Once you know all of the above put it together and you’ll be in!!

@andrewh Mirai spread by accessing IoT devices via default usernames and passwords. I tried those via SSH with Hydra. I also tried to use the passwords to login to Pi-hole as admin using BurpSuite. No luck. Trying to do the same with Plex, but whenever BurpSuite intercepts the Plex page reports it is not accessible. I had an idea about Mirai and CNC, but suspected that I was overthinking.

@godescbach That’s the biggest clue of the box.

@lokii, @andrewh, Thanks for your advice. I let it lie for about a week and then found my answer after a few minutes of research last night. Wow. Duh! Managed to get root with a little more research on the bread crumbs.

Thanks for the hints!.

Smacked my face on my desk with this one when I realized.

I am just getting started but scanned the ports got some two http ports found that it was pi, and Mirai seems to attack with default passwords. but still got no hits can someone help me with a hint.